LULU Analysis

IOB - Indicator of Behavior (290)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 290

Country

it: 16
us: 4

Actors

Activities

Interest

Timeline

Type

Vendor

Product

Adobe Acrobat Reader: 42
Apple watchOS: 14
Foxit Reader: 14
Oracle VM VirtualBox: 14
Oracle MySQL Server: 14

Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | Thomas R. Pasawicz HyperBook Guestbook Password Database gbconfiguration.dat Hash information disclosure | 5.3 | 5.2 | $5k-$25k | Calculating | High | Workaround | 0.02016 | 0.00 | CVE-2007-1192 |
| 2 | DZCP deV!L`z Clanportal config.php code injection | 7.3 | 6.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.00943 | 0.86 | CVE-2010-0966 |
| 3 | PHP phpinfo cross site scripting | 4.3 | 3.9 | $5k-$25k | $0-$5k | Proof-of-Concept | Official Fix | 0.01960 | 0.03 | CVE-2007-1287 |
| 4 | cbeust testng XML File Parser JarFileUtils.java testngXmlExistsInJar path traversal | 6.3 | 6.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00079 | 0.11 | CVE-2022-4065 |
| 5 | OpenSSL c_rehash os command injection | 5.5 | 5.3 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.10649 | 0.03 | CVE-2022-1292 |
| 6 | Asus Aura Sync Asusgio Low-Level Driver access control | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00077 | 0.02 | CVE-2018-18535 |
| 7 | GNU elfutils eblobjnote.c ebl_object_note memory corruption | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00360 | 0.02 | CVE-2019-7146 |
| 8 | ZoneMinder controlcaps.php Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00068 | 0.00 | CVE-2019-6992 |
| 9 | ZoneMinder zm_user.cpp zmLoadUser memory corruption | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00210 | 0.00 | CVE-2019-6991 |
| 10 | ZoneMinder Zone Name zones.php Stored cross site scripting | 4.4 | 4.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00053 | 0.00 | CVE-2019-6990 |
| 11 | OpenJPEG opj_malloc.c opj_calloc resource consumption | 5.9 | 5.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00132 | 0.00 | CVE-2019-6988 |
| 12 | Vivo Vitro SPARQL individual input validation | 6.4 | 6.4 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00902 | 0.00 | CVE-2019-6986 |
| 13 | Red Hat Enterprise Linux systemd-journald journald-server.c dispatch_message_real resource management | 3.3 | 3.3 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00042 | 0.02 | CVE-2019-3815 |
| 14 | Debian apt 302 Redirect injection | 8.1 | 7.9 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.03605 | 0.09 | CVE-2019-3462 |
| 15 | Adobe Experience Manager Reflected cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2018-19727 |
| 16 | Adobe Experience Manager Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2018-19726 |
| 17 | Adobe Experience Manager Forms Stored cross site scripting | 5.2 | 5.2 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00154 | 0.00 | CVE-2018-19724 |
| 18 | Ceph Debug Logging Password information disclosure | 6.8 | 6.8 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00158 | 0.00 | CVE-2018-16889 |
| 19 | BlueZ access control | 4.0 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00044 | 0.00 | CVE-2018-10910 |
| 20 | Yii CORS Policy Converter origin validation | 5.7 | 5.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00062 | 0.03 | CVE-2018-20745 |

Campaigns (1)

These are the campaigns that can be associated with the actor:

  • Pegasus

IOC - Indicator of Compromise (5)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

TTP - Tactics, Techniques, Procedures (16)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (63)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /admin/user_list_backend.php | predictive | High |
| 2 | File | /individual | predictive | Medium |
| 3 | File | admin.php?m=backup&c=backup&a=doback | predictive | High |
| 4 | File | admin.php?mod=product&act=state | predictive | High |
| 5 | File | admin/cp-functions/event-add.php | predictive | High |
| 6 | File | admin/modules/tools/ip_history_logs.php | predictive | High |
| 7 | File | assets/javascripts/workflowStepEditorKO.js | predictive | High |
| 8 | File | badcache.c | predictive | Medium |
| 62 | Input Value | /../ | predictive | Low |

References (2)

The following list contains external sources which discuss the actor and the associated activities:
